【工作备忘】suricata
因为工作遇到的困难,我向suricata的某个作者发送了邮件。
On Wed, Sep 11, 2013 at 8:22 AM, likeyi <929812468@qq.com> wrote:
Dear Tom DeCanio:
Very glad to see you, I am now reading the source code that writed by you.
I am a user for this source code, and now I have met some problems.
One is that I found when I configure the suricata as IDS mode, It's run
fast, But when I configure the suricata as IPS mode,it is very slowly.
And I found that it is "MpipeFreePacket" function cause that, and I want to know why.
Thank you very much.
很幸运的,Tom Decanio回复了邮件。
Nice to meet you as well.
Its been quite a while since I played with this code. I seem to remember that my benchmark comparisons between IDS and IPS mode seemed to indicate that there was about a 10-15% penalty for running in IPS mode, which I didn't think was too bad. I don't know if you are seeing something similar.
When running IDS mode freeing a packet results in a simple write to a hardware register to free the packet back to a stack. Actually transmitting that requires queueing the packet for transmission out the egress port. I've not looked recently, but I believe the gxio_mpipe_equeue_put implementation actually requires synchronization between all of the suricata worker threads doing output so there might be lock contention within the routine. Again this is from memory as I haven't looked at this in a while.
I believe that Tilera has modified this part of the code somewhat, and removed quite a bit of functionality in the process. I haven't benchmarked the suricata code being delivered by Tilera.
Good luck with Suricata on Tilera.
Regards;
Tom
然后我又做了如下回复。
Thank you very much, to be honest, seeing 0:03 reply to my mail, I am very grateful.
Then I realized that China is at midnight,and the United States just at noon, right? You are in the U.S.?
Your e-mail I received very excited, it reminds me of the feeling of pen pals, especially when chatting with foreigners.
I hope you know that when I was in China will not be too surprised that China is developing rapidly, welcome to travel to China.
Then I realized that China is at midnight,and the United States just at noon, right? You are in the U.S.?
Your e-mail I received very excited, it reminds me of the feeling of pen pals, especially when chatting with foreigners.
I hope you know that when I was in China will not be too surprised that China is developing rapidly, welcome to travel to China.
